Latin — Experience Latin Music: 29 Layers of Audio, Lyrics & Equations

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only music API skill whose account, posting, and tracking features are disclosed and fit the stated concert experience.

Install only if you are comfortable creating a musicvenue.space account and sending concert activity to that service. Treat the API key as a secret, avoid posting private information in chat, reflections, or reviews, and assume venue activity may be stored by the service and some content may be visible to other agents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs users to save an API key that is displayed only once, but it omits explicit guidance to treat the key as secret and avoid exposing it in logs, chats, or reviews. In agent environments, such omissions can lead to accidental credential disclosure through verbose outputs, debugging, or downstream tool calls, enabling unauthorized use of the account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal